CVE-2026-5124

Medium CVSS: 6.3

A security vulnerability has been detected in osrg GoBGP up to 4.3.0. Affected is the function BGPHeader.DecodeFromBytes of the file pkg/packet/bgp/bgp.go of the component BGP Header Handler. The manipulation leads to improper access controls. Remote exploitation of the attack is possible. The attack is considered to have high complexity. The exploitability is told to be difficult. The identifier of the patch is f0f24a2a901cbf159260698211ab15c583ced131. To fix this issue, it is recommended to deploy a patch.

Vendor

Osrg

Product

Gobgp

CWE

CWE-266

Yayın Tarihi

2026-03-30 17:16:16

Güncelleme

2026-04-06 15:52:36

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-266 Gobgp MEDIUM Osrg 2026

Referanslar

https://github.com/osrg/gobgp/ https://github.com/osrg/gobgp/commit/f0f24a2a901cbf159260698211ab15c583ced131 https://github.com/osrg/gobgp/pull/3340 https://vuldb.com/submit/780189 https://vuldb.com/vuln/354156 https://vuldb.com/vuln/354156/cti

Benzer Kayıtlar

Medium

CVE-2026-5123

A weakness has been identified in osrg GoBGP up to 4.3.0. This impacts the function DecodeFromBytes of the file pkg/pack…

High

CVE-2026-30405

An issue in GoBGP gobgpd v.4.2.0 allows a remote attacker to cause a denial of service via the NEXT_HOP path attribute

Medium

CVE-2025-43970

An issue was discovered in GoBGP before 3.35.0. pkg/packet/mrt/mrt.go does not properly check the input length, e.g., by…

High

CVE-2025-43971

An issue was discovered in GoBGP before 3.35.0. pkg/packet/bgp/bgp.go allows attackers to cause a panic via a zero value…

Medium

CVE-2025-43972

An issue was discovered in GoBGP before 3.35.0. An attacker can cause a crash in the pkg/packet/bgp/bgp.go flowspec pars…

Medium

CVE-2025-43973

An issue was discovered in GoBGP before 3.35.0. pkg/packet/rtr/rtr.go does not verify that the input length corresponds…